Privacy Notice

1. Who we are

Personal CFO ("we", "us", "our") is operated by Elm Grove Ecommerce, trading as Personal CFO at personalcfo.money. Elm Grove Ecommerce is the data controller responsible for the personal data described in this notice. For any privacy-related query you can contact us via the support address listed on the site.

2. Data we collect

• Account data: email address, hashed password, display name, preferred currency, locale.
• Authentication data: sign-in timestamps, session tokens, OAuth identifiers (e.g. Google) where you choose social sign-in.
• Ledger data: the financial figures you enter (income, expenses, assets, liabilities) and the audit snapshots derived from them.
• Support and feedback: messages you send us and the optional feedback you submit on audits.
• Technical data: IP address, browser/device identifiers, and basic usage telemetry needed to operate and secure the service.

Payment card details are never collected or stored by us. They are handled directly by Paddle (see Section 5).

3. Why we use it & legal basis

• Provide the service (account creation, storing your ledger, generating audits) — performance of contract.
• Security & fraud prevention (rate-limiting, abuse detection, audit logs) — legitimate interests.
• Customer support — performance of contract / legitimate interests.
• Service improvement (aggregated analytics, feedback review) — legitimate interests.
• Legal compliance (tax, accounting, responding to lawful requests) — legal obligation.
• Transactional email (verification, password reset, billing notices) — performance of contract.

4. Retention

Account and ledger data is retained for as long as your account is active. If you delete your account, personal data is deleted or anonymised within 30 days, except where we are required to retain limited records (e.g. invoicing, tax) for the period mandated by law. Suppressed-email and security logs may be retained longer to prevent re-abuse.

5. Who we share data with

• Paddle.com Market Ltd — our Merchant of Record. Paddle handles all checkout, payment, billing, tax, invoicing, refunds and subscription management. When you purchase, Paddle becomes an independent controller for the data needed to process that sale. See Paddle's privacy policy at paddle.com/legal/privacy.
• Hosting & infrastructure providers (database, edge functions, email delivery) acting as processors under contract.
• Authentication providers (e.g. Google) where you choose to sign in with them.
• Professional advisers (legal, accounting) where strictly necessary.
• Authorities where required by law or to protect our rights.

We do not sell personal data and we do not share it for third-party advertising.

6. International transfers

Some of our processors are based outside the UK/EEA. Where personal data is transferred internationally we rely on adequacy decisions or Standard Contractual Clauses to ensure an equivalent level of protection.

7. Your rights

Subject to applicable law (including the UK GDPR / EU GDPR where relevant) you have the right to access, rectify, erase, restrict, port, or object to the processing of your personal data, and to withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority. We aim to respond to verified requests within one month.

8. Security

We apply appropriate technical and organisational measures including encryption in transit, encrypted storage, scoped access controls, row-level security on the database, and regular review of access. No system is perfectly secure, but we work to minimise risk.

9. Cookies

We use only cookies and local storage strictly necessary to operate the service (authentication session, currency preference, UI state). We do not use advertising or third-party tracking cookies.

10. Changes

If we make material changes to this notice we will update the date above and, where appropriate, notify you by email or in-app notice.